A blog by Oleg Shilovitsky
Information & Comments about Engineering and Manufacturing Software

Cloud PLM and “Good Enough” Security

Cloud PLM and “Good Enough” Security
Oleg
Oleg
9 July, 2012 | 2 min for reading

When it comes to “cloud PLM”, the discussion about “security” is almost inevitable. This is one of the top concerns of people and, at the same way, top argument of IT and other people arguing against use of public (and other variations of) cloud PLM systems. I’m reading about security topic and the cloud in many blogs these days. The topic comes in different variations and aspects. Few days ago, I came across the article in ReadWriteWeb Enterprise blog – Why “Good Enough” Security Really Is Good Enough for Most Companies. Spend some time and have a read. This article resonated with some of my comments I’ve made previously about cloud, PLM and security. At the end it comes to the risk. The following passage I especially liked:

It may sound cynical, but avoiding legal liability for security negligence is an excellent goal. Not only does it protect your business, but it generally requires your organization to take advantage of the best practices and policies that are widely agreed upon. Security quality standards and independent auditors are the best protection against being found negligent, and they put businesses at the same starting line as everyone else.

Another thing about security rules I see as a very important is related to how organization can make security rules reasonable. Here is the situation I’ve seen many times. A company made very strict rules on how to share documents outside of organization with a portal and set of very complicated rules. At the same time, you can see how people are sharing files using Gmail and Google Drive / Docs. Another passage from ReadWriteWeb speaks exactly about that:

Make realistic rules. If you’re not realistic, employees will tune you out. If you say “don’t ever do X,” but someone turns out to have a good reason to do X, they will take the rules less seriously. It’s far better to explain why an employee shouldn’t do X, list some alternatives, and give mitigating advice for the times when X is unavoidable. For example, when extremely complex password requirements result in passwords no one can memorize, they end up on post-its near the desk. Such a complex password policy should be accompanied by advice on how to manage an unmemorable password. (For example, “Keep it in your wallet, not on the wall.”)

So, what is my conclusion? To set up realistic rules and goal for “good enough” is a way to go. I can see companies that will keep their gates closed. However, low cost barrier and good compromise will drive many companies to adopt cloud PLM sooner than later. Just my thoughts.

Best, Oleg

Recent Posts

Also on BeyondPLM

4 6
6 January, 2010

I’ve been thinking about Microsoft SharePoint success in enterprise organizations. For the last few years Microsoft leapfrog in their ability...

26 April, 2012

The ability to develop virtual conversation accorss continents and timezones is one of the most exciting parts of my blogging...

14 May, 2015

CAD files. Everyone who is dealing with design and engineering is familiar with this type of data. Large files, many...

28 August, 2020

How to provide the mechanical design community access to a growing library of products available and connect engineers working on...

28 July, 2010

iPad sales are skyrocketing. I read “Global CIO: Top 10 Reasons Steve Jobs & Apple Are The Future Of IT”....

8 June, 2015

The adoption of PLM is a tricky question. I use a term PLM for the moment, to describe both tools...

15 June, 2009

Prompt note on Amazon Kindle DX announcement. Look Kindle DX review. It includes embedded wireless support and new native PDF...

8 July, 2019

Digital transformation is big marketing hit these days. Everyone is obsessed with how to transform companies, tools, and customers “digitally”....

23 July, 2009

Very Loud Prompt- Google building 3D hardware boost into Chrome. Brad Chen, engineering manager of the Google Native Client said...

Blogroll

To the top